[Buildbot-devel] svn password plaintext in log

Dustin J. Mitchell dustin at v.igoro.us
Fri Oct 19 23:42:46 UTC 2012


On Fri, Oct 19, 2012 at 4:55 AM, tom fogal <tfogal at sci.utah.edu> wrote:
> Hi all,
>
> I'm using the steps.source.svn.SVN step and seeing my password come out
> in the 'stdio' logs:
>
>    argv: ['svn', 'info', '--non-interactive', '--no-auth-cache',
> '--username', 'tfogal', '--password', 'MyPasswordAppearsHere']
>
> Verbatim.  I looked through the code a bit but I couldn't see where
> "argv:" gets printed out.  Any pointers?
>
> Here's my svn step, for reference:
>
>    SVN(mode="full", repourl=Interpolate(svn + "%(src::branch)s"),
>        username=svnuser, password=svnpass)

Hmm, the slave-side SVN step (which you're using) uses Obfuscated to hide that:

slave/buildslave/commands/svn.py:
            self.svn_args.extend(["--password",
Obfuscated(args['password'], "XXXX")])

so I'm surprised you're seeing this.  The master-side command doesn't
support obfuscation.

Dustin




More information about the devel mailing list